1. Technical Field
This application generally relates to distributed data processing systems, to the Internet and the domain name system (DNS), and to cyber-security and attack mitigation techniques.
2. Brief Description of the Related Art
Internet resources are located using Internet Protocol (IP) addresses. IP addresses typically point to a machine, or set of machines, depending on network configurations. In the past, the IPv4 protocol has been used for these addresses, but more recently, primarily due to the explosion of connected devices and the need for a larger address space, a transition to IPv6 addressing has begun.
The domain name system (DNS) is a system that maps human-friendly names to IP addresses. DNS is a hierarchical system made up of DNS servers, also referred to as name servers, that are configured with software running on appropriate hardware to provide application layer name lookup services. Individual DNS servers may be managed by many different entities, public, quasi-public, or private, depending on their role and function. Generally speaking, given a request to resolve a given hostname, such as www.foo.com, the DNS system returns a set of one or more IP addresses pointing to machines that provide resources (e.g., content from a web server or media server, services accessed through an application programming interface) associated with that domain name. Various intermediate steps, including recursive lookups and name aliasing (e.g., canonical name or CNAME), may occur in the lookup process.
Some DNS servers are recursive DNS servers, which are usually the type provided by an Internet Service Provider for its subscribers. These DNS servers typically resolve hostnames on behalf of end-user devices, such as a person's laptop, tablet, or smartphone. More recently, public or so-called ‘open’ DNS servers have become more popular. Such public DNS servers allow virtually anyone (not just ISP subscribers) to make requests and get DNS answers.
Some DNS servers are authoritative DNS servers that are designated as authoritative for particular domains. Such DNS servers typically respond to requests from recursive DNS servers (which may then cache the response, enhancing the scalability of the system).
A wide variety of information about the domain name system is available. RFC 1035, among many others, specifies message formats, rules, and mechanisms used in DNS. RFC 2671 specifies extension mechanisms to DNS. RFC 6891 refines those extension mechanisms. One such extension currently under development is called the EDNS0 client subnet extension, by which a given DNS server can include client IP address information (e.g., an IP address or a portion thereof, as defined by a netmask) about the originator of the request when it makes an upstream request to another DNS server. More information is provided in an IETF (Internet Engineering Task Force) draft titled “Client Subnet in DNS Requests” by C. Contavalli et al., Jul. 4, 2013.
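As an added illustration of the client subnet option just described (example code written for this page, not taken from the cited draft or from any resolver implementation), the following encodes and decodes the option's wire layout as later standardized in RFC 7871 (EDNS0 option code 8): a family field, a source prefix length, a scope prefix length, and only as many address bytes as the prefix length covers, with bits beyond the netmask zeroed. The decoder rejects options that carry more address bits than the stated prefix, which is the check a receiving server wants so that no more of the originator's address is accepted than the netmask permits.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS0 option code for Client Subnet (RFC 7871)


def build_ecs_option(client_ip: str, source_prefix: int) -> bytes:
    """Encode an EDNS0 Client Subnet option carrying only the first
    source_prefix bits of client_ip; all bits past the prefix are zeroed."""
    addr = ipaddress.ip_address(client_ip)
    family = 1 if addr.version == 4 else 2
    if not 0 <= source_prefix <= addr.max_prefixlen:
        raise ValueError("prefix length out of range for address family")
    # Mask the address to its prefix, then keep only ceil(prefix/8) bytes.
    network = ipaddress.ip_network((addr, source_prefix), strict=False)
    nbytes = (source_prefix + 7) // 8
    addr_bytes = network.network_address.packed[:nbytes]
    # FAMILY (2), SOURCE PREFIX-LENGTH (1), SCOPE PREFIX-LENGTH (1, 0 in queries)
    payload = struct.pack("!HBB", family, source_prefix, 0) + addr_bytes
    return struct.pack("!HH", ECS_OPTION_CODE, len(payload)) + payload


def parse_ecs_option(option: bytes) -> dict:
    """Decode an ECS option; raise ValueError if it is malformed or if it
    carries address bits beyond the declared prefix length."""
    if len(option) < 8:
        raise ValueError("option too short")
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    family, source_prefix, scope_prefix = struct.unpack("!HBB", option[4:8])
    if family not in (1, 2):
        raise ValueError("unknown address family")
    full_len = 4 if family == 1 else 16
    addr_bytes = option[8:]
    if len(addr_bytes) != (source_prefix + 7) // 8:
        raise ValueError("address length does not match prefix length")
    # Pad back to a full address and verify the bits past the prefix are zero.
    addr = ipaddress.ip_address(addr_bytes + b"\x00" * (full_len - len(addr_bytes)))
    network = ipaddress.ip_network((addr, source_prefix), strict=False)
    if network.network_address != addr:
        raise ValueError("non-zero bits beyond the prefix length")
    return {"family": family, "source_prefix": source_prefix,
            "scope_prefix": scope_prefix, "subnet": str(network)}
```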
Due to its central role in the operation of the Internet, the domain name system is sometimes the target of attack, or, just as maliciously, used by attackers to find machines that they wish to attack, such as those hosting a particular website or web application. The systems, methods, and apparatus described herein can be used to enhance the security of the domain name system and the Internet resources located using it, and provide other benefits and advantages that will become clear in light of the teachings hereof.